Improve/GitHub workflows

.github/workflows/build.yaml

@@ -6,8 +6,8 @@ on:
       - 'v*'
 
 jobs:
-  docker:
-    name: docker
+  build-push-docker:
+    name: build-docker
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
@@ -33,6 +33,10 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
 
+  build-push-bundle:
+    name: build-push-bundle
+    runs-on: ubuntu-latest
+    steps:
       - name: Install operator-sdk
         run: |
           curl -L https://github.com/operator-framework/operator-sdk/releases/download/v1.31.0/operator-sdk_linux_amd64 -o /usr/local/bin/operator-sdk

config/manager/kustomization.yaml

@@ -3,10 +3,3 @@ resources:
 - secret.yaml
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-images:
-- name: controller
-  newName: controller
-  newTag: latest
-- name: ghcr.io/snapp-incubator/s3-operator
-  newName: s3-operator
-  newTag: latest

deploy/charts/s3-operator/Chart.yaml

@@ -13,9 +13,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.4
+version: 0.3.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.5"
+appVersion: "v0.3.4"

deploy/charts/s3-operator/templates/clusterresourcequota-updater-binding-rbac.yaml

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "s3-operator.fullname" . }}-clusterresourcequota-updater-binding
+  labels:
+  {{- include "s3-operator.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: '{{ include "s3-operator.fullname" . }}-clusterresourcequota-updater'
+subjects:
+- kind: ServiceAccount
+  name: '{{ include "s3-operator.fullname" . }}-controller-manager'
+  namespace: '{{ .Release.Namespace }}'

deploy/charts/s3-operator/templates/clusterresourcequota-updater-rbac.yaml

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "s3-operator.fullname" . }}-clusterresourcequota-updater
+  labels:
+  {{- include "s3-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+  - quota.openshift.io
+  resources:
+  - clusterresourcequotas/status
+  verbs:
+  - update
+  - patch

deploy/charts/s3-operator/templates/manager-rbac.yaml

@@ -49,6 +49,32 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - s3.snappcloud.io
+  resources:
+  - s3buckets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - s3.snappcloud.io
+  resources:
+  - s3buckets/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - s3.snappcloud.io
+  resources:
+  - s3buckets/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - s3.snappcloud.io
   resources:

deploy/charts/s3-operator/templates/resourcequota-status-updater-binding-rbac.yaml

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "s3-operator.fullname" . }}-resourcequota-status-updater-binding
+  labels:
+  {{- include "s3-operator.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: '{{ include "s3-operator.fullname" . }}-resourcequota-status-updater'
+subjects:
+- kind: ServiceAccount
+  name: '{{ include "s3-operator.fullname" . }}-controller-manager'
+  namespace: '{{ .Release.Namespace }}'

deploy/charts/s3-operator/templates/resourcequota-status-updater-rbac.yaml

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "s3-operator.fullname" . }}-resourcequota-status-updater
+  labels:
+  {{- include "s3-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - resourcequotas/status
+  verbs:
+  - update
+  - patch

deploy/charts/s3-operator/templates/s3bucket-crd.yaml

@@ -0,0 +1,93 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: s3buckets.s3.snappcloud.io
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.11.1
+  labels:
+  {{- include "s3-operator.labels" . | nindent 4 }}
+spec:
+  group: s3.snappcloud.io
+  names:
+    kind: S3Bucket
+    listKind: S3BucketList
+    plural: s3buckets
+    shortNames:
+    - s3b
+    singular: s3bucket
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.s3UserRef
+      name: S3USERREF
+      type: string
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: S3Bucket is the Schema for the s3buckets API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: S3BucketSpec defines the desired state of S3Bucket
+            properties:
+              s3DeletionPolicy:
+                default: delete
+                enum:
+                - delete
+                - retain
+                type: string
+              s3SubuserBinding:
+                items:
+                  properties:
+                    access:
+                      default: read
+                      description: access of the subuser which can be read or write
+                      enum:
+                      - read
+                      - write
+                      type: string
+                    name:
+                      description: name of the subuser
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              s3UserRef:
+                type: string
+            required:
+            - s3UserRef
+            type: object
+          status:
+            description: S3BucketStatus defines the observed state of S3Bucket
+            properties:
+              created:
+                default: false
+                type: boolean
+              policy:
+                type: string
+              reason:
+                type: string
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

deploy/charts/s3-operator/templates/s3user-crd.yaml

@@ -120,6 +120,7 @@ spec:
                 properties:
                   maxBuckets:
                     description: max number of buckets the user can create
+                    format: int64
                     type: integer
                   maxObjects:
                     anyOf:

deploy/charts/s3-operator/templates/s3userclaim-crd.yaml

@@ -12,6 +12,8 @@ spec:
     kind: S3UserClaim
     listKind: S3UserClaimList
     plural: s3userclaims
+    shortNames:
+    - s3u
     singular: s3userclaim
   scope: Namespaced
   versions:
@@ -64,6 +66,7 @@ spec:
                 properties:
                   maxBuckets:
                     description: max number of buckets the user can create
+                    format: int64
                     type: integer
                   maxObjects:
                     anyOf:
@@ -84,6 +87,11 @@ spec:
                 type: string
               s3UserClass:
                 type: string
+              subusers:
+                items:
+                  pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                  type: string
+                type: array
             required:
             - adminSecret
             - readonlySecret
@@ -96,6 +104,7 @@ spec:
                 properties:
                   maxBuckets:
                     description: max number of buckets the user can create
+                    format: int64
                     type: integer
                   maxObjects:
                     anyOf:
@@ -114,6 +123,11 @@ spec:
                 type: object
               s3UserName:
                 type: string
+              subusers:
+                items:
+                  pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                  type: string
+                type: array
             type: object
         type: object
     served: true

deploy/charts/s3-operator/templates/validating-webhook-configuration.yaml

@@ -7,6 +7,26 @@ metadata:
   labels:
   {{- include "s3-operator.labels" . | nindent 4 }}
 webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: '{{ include "s3-operator.fullname" . }}-webhook-service'
+      namespace: '{{ .Release.Namespace }}'
+      path: /validate-s3-snappcloud-io-v1alpha1-s3bucket
+  failurePolicy: Fail
+  name: vs3bucket.kb.io
+  rules:
+  - apiGroups:
+    - s3.snappcloud.io
+    apiVersions:
+    - v1alpha1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - s3buckets
+  sideEffects: None
 - admissionReviewVersions:
   - v1
   clientConfig:
@@ -24,6 +44,7 @@ webhooks:
     operations:
     - CREATE
     - UPDATE
+    - DELETE
     resources:
     - s3userclaims
   sideEffects: None